diff --git a/content/en/about/contributing.md b/content/en/about/contributing.md index b219234c..236f3d41 100644 --- a/content/en/about/contributing.md +++ b/content/en/about/contributing.md @@ -14,6 +14,23 @@ To contribute to Sigstore as a developer, check out the following repositories f - [Rekor](https://github.com/sigstore/rekor) - [Fulcio](https://github.com/sigstore/fulcio) +### Sigstore clients + +- Go: + - [sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) + - [sigstore/sigstore](https://github.com/sigstore/sigstore) + - [Sigstore Go meeting notes](https://docs.google.com/document/d/1EcJIhqSS9E86cHAQXaXiu2_r1s0kNbHz4uLLwwGo-vw/edit) +- Python: + - [sigstore/sigstore-python](https://github.com/sigstore/sigstore-python) +- Java and Maven: + - [sigstore/java](https://github.com/sigstore/sigstore-java) + - [sigstore/sigstore-maven](https://github.com/sigstore/sigstore-maven) + - [sigstore/sigstore-maven-plugin](https://github.com/sigstore/sigstore-maven-plugin) + - [Sigstore Java meeting notes](https://docs.google.com/document/d/1R7mL-IUrc2Z_LuOIvwDWshVuPQS_2VNE_cIQx4Oy5zw/edit) +- JavaScript: [sigstore/sigstore-js](https://github.com/sigstore/sigstore-js) +- Rust: [sigstore/sigstore-rs](https://github.com/sigstore/sigstore-rs) +- Ruby: [sigstore/ruby-sigstore](https://github.com/sigstore/ruby-sigstore) + ## Contributing to the documentation This covers a few basics to get you started. It covers pointers for writing clear, consistent technical documentation, some tips and tricks you can use in Nuxt, to sigstore community policies on changing and reviewing content. @@ -65,6 +82,7 @@ The Nuxt documentation is a great first stop for anyone new to writing technical Resource: https://content.nuxtjs.org/ ## Community + The [sigstore/community](https://github.com/sigstore/community/) repository contains the most up-to-date information about how to get involved with the Sigstore project and its community. In this repository you can find our [code of conduct](https://github.com/sigstore/community/blob/main/CODE_OF_CONDUCT.md) and our [contributing guidelines](https://github.com/sigstore/community/blob/main/CONTRIBUTING.md). diff --git a/content/en/about/research.md b/content/en/about/research.md index f80a0940..85e3e7a6 100644 --- a/content/en/about/research.md +++ b/content/en/about/research.md @@ -6,29 +6,16 @@ title: Research weight: 40 --- -The Sigstore Rekor project was initiated by Luke Hinds with Red Hat as the founding company in mid-2020. Later, Bob Callaway and Dan Lorenc joined as co-founders of the Sigstore project, which launched in March 2021 with the three major projects of Rekor, Fulcio, and Cosign. Sigstore became a Linux Foundation project on March 9, 2021, [citing founding members](https://www.linuxfoundation.org/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/) that include Red Hat, Google, and Purdue University. On October 25, 2022, Sigstore was marked publicly available as it announced [general availability for Rekor and Fulcio](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d/). +## Sigstore Research -## Relevant Research +- [Sigstore: Software Signing for Everybody](https://dl.acm.org/doi/10.1145/3548606.3560596) -Academic and industry research related to software supply chain security, transparency, reproducibility, and more: - -* [Software Distribution Transparency and Auditability](https://arxiv.org/abs/1711.07278) -* [Contour: A Practical System for Binary Transparency](https://arxiv.org/abs/1712.08427) -* [Reproducible Builds: Break a log, good things come in trees](https://bora.uib.no/bora-xmlui/handle/1956/20411) -* [Dependency Issues: Solving the World's Open-Source Software Security Problem](https://warontherocks.com/2022/05/dependency-issues-solving-the-worlds-open-source-software-security-problem/) -* [Software Supply-Chain Security Reading List](https://github.com/chainguard-dev/ssc-reading-list) +## Software Supply Chain Research -## Sigstore and Programming Language Communities +Academic and industry research related to software supply chain security, transparency, reproducibility, and more: -* Go: [sigstore/sigstore](https://github.com/sigstore/sigstore) -* Python: - * [sigstore/sigstore-python](https://github.com/sigstore/sigstore-python) - * [Securing the Open Source Software Supply Chain at PyCon](https://www.youtube.com/watch?v=i1QqhGsbX6Y) -* Ruby: - * [sigstore/ruby-sigstore](https://github.com/sigstore/ruby-sigstore) - * [Gems security](https://docs.ruby-lang.org/en/2.1.0/Gem/Security.html) -* Java and Maven: - * [sigstore/java](https://github.com/sigstore/sigstore-java) - * [sigstore/sigstore-maven](https://github.com/sigstore/sigstore-maven) - * [Sigstore Java meeting notes](https://docs.google.com/document/d/1R7mL-IUrc2Z_LuOIvwDWshVuPQS_2VNE_cIQx4Oy5zw/edit) -* Rust: [sigstore/sigstore-rs](https://github.com/sigstore/sigstore-rs) +- [Software Distribution Transparency and Auditability](https://arxiv.org/abs/1711.07278) +- [Contour: A Practical System for Binary Transparency](https://arxiv.org/abs/1712.08427) +- [Reproducible Builds: Break a log, good things come in trees](https://bora.uib.no/bora-xmlui/handle/1956/20411) +- [Dependency Issues: Solving the World's Open-Source Software Security Problem](https://warontherocks.com/2022/05/dependency-issues-solving-the-worlds-open-source-software-security-problem/) +- [Software Supply-Chain Security Reading List](https://github.com/chainguard-dev/ssc-reading-list)